<?php

// 用户登录注册处理程序

require 'common.php';
require 'db/base.php';

$type = $_GET['type'];
$is_ajax = $_GET['ajax'];

$err_msg = '';
$redirect_url = '/';
$result_data = null;

if ($type == 'login') {
    // 用户登录行为分支

    $post_data = $_POST;
    if (!$post_data['username']) {
        // 用户名为空
        $err_msg = '用户名不能为空';
    }
    else if (!$post_data['password']) {
        // 用户名为空
        $err_msg = '密码不能为空';
    }
    // 表单数据初步验证
    else {
        // mysql 查询用户名密码
        $sql = "select uid, username, email, password, create_time, update_time from member "
            ."where (username='". $post_data['username'] ."' or email='". $post_data['username'] ."')"
            ."and password='". md5($post_data['password']) ."';";

        $result = mysql_query($sql);
        while ($row = mysql_fetch_array( $result, MYSQL_NUM ) ) {

            // 成功登录行为
            $result_data = array(
                'uid' => $row[0],
                'username' => $row[1],
                'email' => $row[2],
                'create_time' => $row[4],
                'update_time' => $row[5],
            );

            // 登录情况写入session
            $_SESSION['login_user'] = $result_data;
        }

        if (empty($result_data)) {
            $err_msg = '用户名和密码不匹配';
        }
    }

}

else if ($type == 'reg') {
    // 用户注册
    $post_data = $_POST;
    if (!$post_data['username']) {
        // 用户名为空
        $err_msg = '用户名不能为空';
    }
    else {
        $uname = $post_data['username'];
        $passwd = $post_data['password'];
        // $email = $post_data['email'];
        $pass_rep = $post_data['password_repeat'];

        if (!valid_username($uname)) {
            $err_msg = '用户名只允许6-20位英文、数字或中文';
        }
        else if (!valid_password($passwd)) {
            $err_msg = '密码只允许6-20位英文、数字和符号_-@';
        }
        else if ($passwd != $pass_rep) {
            $err_msg = '密码输入不一致';
        }
        else {
            // 去注册
            $md5passwd = md5($passwd);

            // 首先 查询用户名是否存在
            $sql = "select uid, username, email from member "
                ."where username='". $uname ."'"
                .";";
                // ."or email='". $uname ."';";

            $result = mysql_query($sql);
            while ($row = mysql_fetch_array( $result, MYSQL_NUM ) ) {
                $result_data = array(
                    'uid' => $row[0],
                    'username' => $row[1],
                    'email' => $row[2],
                );
            }

            // 判断存在数据
            if (empty($result_data)) {
                // 可以注册这个用户名
                $now_time = time();

                // mysql 插入用户名密码
                $sql = "insert into member(username, password, create_time) "
                    ."values('".$uname."','". $md5passwd ."', ". $now_time .");";

                $result = mysql_query($sql);

                if ($result) {
                    // 数据插入成功
                    $result_data = true;
                }
                else {
                    $err_msg = '数据库问题！注册用户失败!';
                }
            }
            else {
                $err_msg = '用户名已存在';
            }
        }
    }

    $redirect_url = 'member.php?type=register';   
}
// 退出登录用户
else if ($type == 'logout') {
    $referer = $_SERVER['HTTP_REFERER'];
    // var_dump($referer);
    // exit;

    $login_user = $_SESSION['login_user'];
    unset($_SESSION['login_user']);

    if ($referer) {
        header("Location: ${referer}");
        exit;
    }

    //重定向浏览器 
    header("Location: member.php?type=login");
    //确保重定向后，后续代码不会被执行 
    exit;
}
else {
    $err_msg = '404！非法URL访问！';
}

if ($err_msg) {

    if ($is_ajax) {
        $data = array(
            'status' => 1,
            'msg' => $err_msg,
        );

        echo json_encode($data);
    }
    else {
        $smarty->assign('msg', $err_msg);
        $smarty->assign('redirect_url', $redirect_url);
        $smarty->assign("title", '注册');
        $smarty->display('message.html');
    }
}
else {
    if ($is_ajax) {
        $data = array(
            'status' => 0,
            'msg' => 'OK',
            'data' => $result_data,
        );

        echo json_encode($data);
    }
}
